This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
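
A defender's view of step 2, as an added example that is not part of the original post: a browser held in a 2-second redirect loop appears in proxy logs as evenly spaced requests to a bare IP address. The log format, addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log lines: "<ISO timestamp> <client> <method> <URL>".
# 203.0.113.66 is a documentation address standing in for the Evil_IP.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 GET http://intranet.example/page?q=test
2024-01-01T10:00:01 10.0.0.5 GET http://203.0.113.66/
2024-01-01T10:00:03 10.0.0.5 GET http://203.0.113.66/
2024-01-01T10:00:05 10.0.0.5 GET http://203.0.113.66/
2024-01-01T10:00:07 10.0.0.5 GET http://203.0.113.66/
2024-01-01T10:00:09 10.0.0.5 GET http://203.0.113.66/
2024-01-01T10:00:02 10.0.0.9 GET http://news.example/
2024-01-01T10:00:04 10.0.0.7 GET http://198.51.100.8/status
2024-01-01T10:05:30 10.0.0.7 GET http://198.51.100.8/status
"""

def is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def find_periodic_ip_requests(log_text, min_hits=4, max_period=5.0, max_jitter=0.5):
    """Return (client, host, mean gap in seconds) for short, steady request loops to a bare IP."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, _method, url = parts
        host = urlsplit(url).hostname
        if host and is_bare_ip(host):
            seen[(client, host)].append(datetime.fromisoformat(ts))
    findings = []
    for (client, host), times in sorted(seen.items()):
        if len(times) < max(min_hits, 2):
            continue  # too few requests to measure a period
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) <= max_period and pstdev(gaps) <= max_jitter:
            findings.append((client, host, round(mean(gaps), 1)))
    return findings
```

Calling `find_periodic_ip_requests(SAMPLE_LOG)` flags only the client looping against the stand-in address; the two widely spaced requests from 10.0.0.7 are ignored.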

QUIZ: There are at least 6 security controls that could prevent several steps in the video, including vulnerabilities or user errors. Can you spot them all?

Updating to the latest browser versions helps: IE8, for example, has a built-in XSS filter. It was disabled for the video.

#3 - Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.) Use the proxy to block outbound access to a known "Evil_IP" or Egress Filtering? So technically your proxy server answer should do the trick.

I laughed IRL, and yeah that's what I meant about the proxy server too.